CVE-2022-34676 — Numeric Truncation Error in Nvidia Cloud Gaming

CWE-197 — Numeric Truncation Error CWE-125 — Out-of-bounds Read4 documents4 sources

Severity

7.8HIGHNVD

CNA7.1

EPSS

0.1%

top 76.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nvidia Cloud Gaming Nvidia Virtual GPU

Timeline

PublishedDec 30

Latest updateDec 31

Description

NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of service, information disclosure, or data tampering.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages2 packages

▶NVDnvidia/virtual_gpu12.0 — 13.6+2

▶NVDnvidia/cloud_gaming< 525.60.11+1

🔴Vulnerability Details

GHSA

GHSA-cr4w-fcq2-h6q4: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of servi↗2022-12-31

▶

CVEList

CVE-2022-34676: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of servi↗2022-12-30

▶

OSV

CVE-2022-34676: NVIDIA GPU Display Driver for Linux contains a vulnerability in the kernel mode layer handler, where an out-of-bounds read may lead to denial of servi↗2022-12-30

▶